Strongin / TT3766 



Fig. 1A (Prior Art), sheet 1/73. Block diagram labels: 100; MEMORY 106; NORTH BRIDGE 104; AGP 108; IDE 114; USB 116; 113; PCI 110; SOUTH BRIDGE 112; LPC BUS 118; SUPER I/O 120; BIOS 122.



Fig. 1B (Prior Art), sheet 2/73. Block diagram labels: SOUTH BRIDGE 112; RTC BATTERY WELL 125; CPU INTERFACE 132; PCI BUS INTERFACE LOGIC 134A; IDE INTERFACE LOGIC 134B; POWER/SYSTEM MANAGEMENT 133; USB INTERFACE LOGIC 134C; LPC INTERFACE LOGIC 134D.



Fig. 2A (Prior Art), sheet 3/73. Flowchart 135:
POWER SUPPLY INITIALIZATION: POWER SUPPLY GENERATES A POWER GOOD SIGNAL TO THE NORTH BRIDGE 136
UPON RECEIVING THE POWER GOOD SIGNAL, THE SOUTH BRIDGE STOPS ASSERTING THE RESET SIGNAL FOR THE PROCESSOR 138
THE PROCESSOR READS THE DEFAULT JUMP LOCATION, USUALLY AT FFFF0h 140
THE PROCESSOR JUMPS TO THE BIOS CODE LOCATION IN THE ROM BIOS, COPIES THE BIOS CODE TO RAM, AND BEGINS PROCESSING BIOS CODE INSTRUCTIONS FROM RAM 142
BIOS CODE PERFORMS POWER ON SELF TEST (POST) 144
BIOS CODE LOOKS FOR ADDITIONAL BIOS CODE, SUCH AS VIDEO @ C000h AND ATA/IDE HARD DRIVE BIOS CODE @ C800h, AND DISPLAYS A START-UP INFORMATION SCREEN 146
BIOS CODE PERFORMS ADDITIONAL SYSTEM TESTS, SUCH AS THE RAM COUNT-UP TEST, AND SYSTEM INVENTORY, SUCH AS IDENTIFYING COM AND LPT PORTS 148
BIOS CODE IDENTIFIES PLUG-N-PLAY AND OTHER SIMILAR DEVICES AND DISPLAYS A SUMMARY SCREEN 150
BIOS CODE IDENTIFIES THE BOOT LOCATION 152
BIOS CODE CALLS THE BOOT SECTOR CODE TO BOOT THE COMPUTER SYSTEM 154



Fig. 2B (Prior Art), sheet 4/73. Flowchart 170:
INTERRUPT CONTROLLER RECEIVES A REQUEST FOR SYSTEM MANAGEMENT MODE (SMM) 172
INTERRUPT CONTROLLER SIGNALS THE REQUEST FOR SMM TO THE PROCESSOR BY ASSERTING THE SYSTEM MANAGEMENT INTERRUPT (SMI#) SIGNAL 174
PROCESSOR RECOGNIZES THE REQUEST FOR SMM AND ASSERTS THE SMI ACTIVE (SMIACT#) SIGNAL 176
SYSTEM RECOGNIZES THE SMIACT# SIGNAL, DISABLES ACCESS TO RAM, AND ENABLES ACCESS TO SYSTEM MANAGEMENT RAM (SMRAM) SPACE 178
CURRENT PROCESSOR STATE IS SAVED TO SMRAM 180
PROCESSOR RESETS TO SMM DEFAULT STATE AND ENTERS SMM 182
PROCESSOR READS DEFAULT POINTER AND JUMPS INTO SMRAM SPACE 184
STATUS REGISTERS ARE CHECKED TO IDENTIFY THE SMI REQUEST 186
SMI HANDLER SERVICES THE SMI REQUEST 188
SMI HANDLER ISSUES RETURN FROM SMM (RSM) INSTRUCTION TO PROCESSOR 190
PROCESSOR RESTORES SAVED STATE INFORMATION AND CONTINUES NORMAL OPERATION 192



Fig. [number missing], sheet 5/73. Block diagram labels: USER INPUT/OUTPUT 205; 200; APPLICATIONS 210; CRYPTOGRAPHY SERVICE PROVIDERS 215; API CALLS 220; DRIVERS 225; HARDWARE 230; SECURE EXECUTION BOX 260.



Fig. 4, sheet 6/73. Block diagram labels: SOUTH BRIDGE 330; IC 365; SECURITY 370; TO PROCESSOR 102; LPC BIL 134D; LPC BUS 118; CRYPTO PROCESSOR 305; USB INTERFACE LOGIC 134C; BIOMETRIC DEVICE 320; MEMORY PERMISSION TABLE 310; USB HUB 315; BIOS 355; SMART CARD READER 325.



Fig. 5A, sheet 7/73. Block diagram labels: SOUTH BRIDGE 330A; REQ; EXIT SMM 404; SMM INITIATOR 425A; SMM REQ; MAILBOX RAM 415; SMM ACCESS FILTERS 410; SMM ACCESS CONTROLLER 402A; CONTROL LOGIC 420A; DURATION TIMER 406A; SMM INDICATOR 405; I/O; SMI#; SMIACT#; KICK-OUT TIMER 407A; RESTART TIMER 408; SMM TIMING CONTROLLER 401A; SECURITY HARDWARE 370A.



Fig. 5B, sheet 8/73. Block diagram labels: SMM INITIATION REGISTER 425B; EXIT SMM 404; SOUTH BRIDGE 330B; REQ; SMM REQ; IC 365; CONTROL LOGIC 420B; MAILBOX RAM 415; SMM ACCESS FILTERS 410; I/O; SMM ACCESS CONTROLLER 402B; SECURITY HARDWARE 370B; DURATION/KICK-OUT TIMER 407B; SMM INDICATOR 405; SMI#; SMIACT#; RESTART TIMER 408; SMM TIMING CONTROLLER 401B.



Fig. 6, sheet 9/73. Block diagram labels: SOUTH BRIDGE 330C; SMM ACCESS CONTROLLER 402; RNG 455; 410; ACCESS LOCKS 460; SCRATCHPAD RAM 440; MONOTONIC COUNTER 435A; TCO COUNTER 430; CONTROL LOGIC 420; SMM MANAGEMENT REGISTERS 470; OAR LOCKS 450; SMM TIMING CONTROLLER 401; OAR OVERRIDE 445; SECURITY HARDWARE 370C.



Fig. 7A, sheet 10/73. Block diagram labels: LPC BUS 118; CRYPTO PROCESSOR 305; SECRET 610A; SMM ROM 550.



Fig. 7B, sheet 10/73. Block diagram labels: BIOS ROM 355; EXTENDED BIOS 555; BIOS ROM 355; SMM ROM 550.



Fig. 7C, sheet 11/73. Block diagram labels: PROTECTED STORAGE 605A; RANDOM NUMBER GENERATOR 455; INTERFACE LOGIC 602; ACCESS LOGIC 609A; LOCK REGISTER 606; SECRET 610B; CODE STORAGE 607; DATA STORAGE 608A.



Fig. 7D, sheet 12/73. Block diagram labels: CRYPTO PROCESSOR 305; SECRET 610A; PROTECTED STORAGE 605B; ACCESS LOGIC 609B; LOCK REGISTER 606; SECRET 610B; CODE STORAGE 607; DATA STORAGE 608A.



Fig. 8A, sheet 13/73. Block diagram labels: BIOS ROM 355; DATA 608B; SECRET 610C; PRIVATE MEMORY 606.



Fig. 8B, sheet 14/73. Block diagram labels: SMM ROM 550; SECRET 610D; PUBLIC 0 625; SMM ROM 0 615; PUBLIC 1 630; SMM ROM 1 616; RESERVED 635; SMM ROM 2 617; REGISTERS 640; MONOTONIC COUNTER 435B.



Fig. 9A, sheet 15/73. Block diagram labels: PROCESSOR 805; SMM EXIT CONTROLLER 806; 800A; LOCAL BUS 808; SMIACT#; NORTH BRIDGE 810; MEMORY 106; MEMORY CONTROLLER 815; PCI 110; SOUTH BRIDGE 330; SCRATCHPAD RAM 440; SMM TIMING CONTROLLER 401.



Fig. 9B, sheet 16/73. Block diagram labels: PROCESSOR 805; SMM EXIT CONTROLLER 806; 800B; NORTH BRIDGE 810; MEMORY 106; MEMORY CONTROLLER 815; PCI 110; SMIACT#; EXIT SMM SIGNAL 404; SOUTH BRIDGE 330; SMM TIMING CONTROLLER 401; SCRATCHPAD RAM 440.



Fig. 10A, sheet 17/73. Flowchart:
INITIATE KICK-OUT TIMER 910
[decision block, text missing] NO / YES
TRANSMIT SIGNAL TO PROCESSOR TO EXIT SMM PRIOR TO FINISHING SERVICING THE SMI REQUEST THAT PUT THE COMPUTER SYSTEM INTO SMM 920
PROCESSOR SAVES STATE OF SMM SESSION AND EXITS SMM 925



Fig. 10B, sheet 18/73. Flowchart:
INITIATE RESTART TIMER 1010
[decision block, text missing] YES
ASSERT SMI REQUEST TO PROCESSOR 1020
PROCESSOR ENTERS SMM AND LOOKS FOR AN ENTRY INDICATING THAT A PREVIOUS SMM SESSION WAS ENDED PRIOR TO FINISHING 1025
PREVIOUS SMM SESSION UNFINISHED? 1030
NO
START NEW SMM SESSION 1035
YES
READ SAVED STATUS OF PREVIOUS SMM SESSION 1040
CONTINUE PREVIOUS SMM SESSION 1045



Fig. 11A, sheet 19/73. Flowchart 1100A:
CHECK THE RTC CHECKSUM 1105
INSPECT MONOTONIC COUNTER IN SMM ROM 1115
VALUE STORED IN MONOTONIC COUNTER IN SMM ROM EQUAL TO RESET VALUE? 1120A
NO
YES
IDENTIFY VALUE STORED IN MONOTONIC COUNTER IN SMM ROM 1125A
YES
UPDATE VALUE STORED IN MONOTONIC COUNTER IN SMM ROM BY SMALLEST INCREMENT 1135A
UPDATE VALUE STORED IN MONOTONIC COUNTER IN SMM ROM TO SMALLEST INCREMENTAL VALUE 1130A



Fig. 11B. Flowchart:
ALL VALUES IN MONOTONIC COUNTER IN SMM ROM EQUAL TO ONE? 1120B
NO
IDENTIFY HIGHEST NUMBERED BYTE WITH A ZERO IN A MOST SIGNIFICANT BIT 1125B
YES
UPDATE NEXT HIGHEST NUMBERED BYTE WITH A ZERO IN A NEXT MOST SIGNIFICANT BIT 1135B
YES
UPDATE FIRST BYTE WITH A ZERO AS THE LEAST SIGNIFICANT BIT 1130B



Fig. 12A, sheet 21/73. Flowchart 1200A:
VALUE STORED IN MONOTONIC COUNTER IN SOUTH BRIDGE EQUAL TO MAXIMUM VALUE? 1205A
YES
INSPECT MONOTONIC COUNTER IN SMM ROM 1210
NO
VALUE STORED IN MONOTONIC COUNTER IN SMM ROM EQUAL TO RESET VALUE? 1215A
NO
IDENTIFY VALUE STORED IN MONOTONIC COUNTER IN SMM ROM 1220A
UPDATE VALUE STORED IN MONOTONIC COUNTER IN SMM ROM BY SMALLEST INCREMENT 1230A
YES
UPDATE VALUE STORED IN MONOTONIC COUNTER IN SMM ROM TO SMALLEST INCREMENTAL VALUE 1225A



Fig. 12B. Flowchart:
ALL VALUES IN MONOTONIC COUNTER IN SMM ROM EQUAL TO ONE? 1215B
NO
IDENTIFY HIGHEST NUMBERED BYTE WITH A ZERO IN A MOST SIGNIFICANT BIT 1220B
NO
UPDATE NEXT HIGHEST NUMBERED BYTE WITH A ZERO IN A NEXT MOST SIGNIFICANT BIT 1230B
YES
UPDATE FIRST BYTE WITH A ZERO AS THE LEAST SIGNIFICANT BIT 1225B



Fig. 13A, sheet 23/73. Flowchart 1300A:
RECEIVE REQUEST FOR A VALUE IN THE MONOTONIC COUNTER 1305
REQUEST A VALUE FROM THE MONOTONIC COUNTER IN THE SOUTH BRIDGE 1310
UPDATE VALUE IN MONOTONIC COUNTER IN SOUTH BRIDGE 1315
CHECK UPDATED VALUE FROM THE MONOTONIC COUNTER IN THE SOUTH BRIDGE FOR ROLLOVER VALUE 1320
[decision block, text missing] NO / YES
UPDATE VALUE IN THE MONOTONIC COUNTER IN THE SMM ROM 1330
PROVIDE UPDATED VALUE FROM MONOTONIC COUNTER IN SOUTH BRIDGE 1335



Fig. 13B, sheet 24/73. Flowchart 1300B:
REQUEST A VALUE FROM THE MONOTONIC COUNTER IN THE SMM ROM 1340
RECEIVE THE VALUE FROM THE MONOTONIC COUNTER IN THE SMM ROM 1345
COMBINE THE VALUE FROM THE MONOTONIC COUNTER IN THE SOUTH BRIDGE WITH THE VALUE FROM THE MONOTONIC COUNTER IN THE SMM ROM 1350
PROVIDE THE COMBINED VALUE IN RESPONSE TO THE REQUEST FOR THE VALUE FROM THE MONOTONIC COUNTER 1355



Fig. 14A, sheet 25/73. Block diagram labels: PERFORMANCE REGISTERS 1405; REG 1405N; 805A; REG 1405E; REG 1405D; REG 1405C; REG 1405B; REG 1405A; 1406; ENTROPY REGISTER 1410; REQ; ENTROPY CONTROL UNIT 1415; RN; RNG 455A.



Fig. 14B, sheet 26/73. Block diagram labels: PERFORMANCE REGISTERS 1405; REG 1405N; REG 1405E; REG 1405D; REG 1405C; REG 1405B; REG 1405A; RN; 805B; 1406; ENTROPY REGISTER 1410; CLK; RNG 455B.



Fig. 15, sheet 27/73. Block diagram labels: CLK 1505; SYSTEM RESET; READ STROBE; D/A 1520; VCO 1525; 1507; 1508; SAMPLE & HOLD 1530 (IN, OUT); LFSR8 1515 (IN, OUT); RO[7:0]; RO0 1514A; RO7 1514H; CRC32 1535 (IN, OUT); SELF TEST 1511; TEST_OK 1506; 32; GND; MUX 1545 (SEL); RST; COUNTER 1540 (FULL); RN[31:0] 1510; DONE 1509; RNG 455C.



Fig. 16A, sheet 28/73. Flowchart 1600A:
THE PROCESSOR EXECUTES BIOS CODE INSTRUCTIONS FROM SMM SPACE IN THE RAM 1620
BIOS CODE PERFORMS POWER ON SELF TEST (POST) 1625
ACCESSING THE SECURITY HARDWARE 1630
OPTIONALLY ENTER BIOS MANAGEMENT MODE 1632
BIOS CODE LOOKS FOR ADDITIONAL BIOS CODE, SUCH AS VIDEO @ C000h AND ATA/IDE HARD DRIVE BIOS CODE @ C800h, AND DISPLAYS A START-UP INFORMATION SCREEN 1635
BIOS CODE PERFORMS ADDITIONAL SYSTEM TESTS, SUCH AS THE RAM COUNT-UP TEST, AND SYSTEM INVENTORY, SUCH AS IDENTIFYING COM AND LPT PORTS 1640
BIOS CODE IDENTIFIES PLUG-N-PLAY AND OTHER SIMILAR DEVICES AND DISPLAYS A SUMMARY SCREEN 1645
CLOSING THE ACCESS LOCKS TO THE SECURITY HARDWARE 1650
BIOS CODE IDENTIFIES THE BOOT LOCATION 1655
BIOS CODE CALLS THE BOOT SECTOR CODE TO BOOT THE COMPUTER SYSTEM 1660



Fig. 16B, sheet 29/73. Flowchart 1600B:
OPENING THE ACCESS LOCKS TO THE SECURITY HARDWARE 1615
THE PROCESSOR EXECUTES BIOS CODE INSTRUCTIONS FROM SMM SPACE IN THE RAM 1620
ACCESSING THE SECURITY HARDWARE 1630
OPTIONALLY ENTER BIOS MANAGEMENT MODE 1632
BIOS CODE LOOKS FOR ADDITIONAL BIOS CODE, SUCH AS VIDEO @ C000h AND ATA/IDE HARD DRIVE BIOS CODE @ C800h, AND DISPLAYS A START-UP INFORMATION SCREEN 1635
BIOS CODE IDENTIFIES PLUG-N-PLAY AND OTHER SIMILAR DEVICES AND DISPLAYS A SUMMARY SCREEN 1645
CLOSING THE ACCESS LOCKS TO THE SECURITY HARDWARE 1650
BIOS CODE IDENTIFIES THE BOOT LOCATION 1655
BIOS CODE CALLS THE BOOT SECTOR CODE TO BOOT THE COMPUTER SYSTEM 1660



Fig. 16C, sheet 30/73. Flowchart 1600C (step text missing).



Fig. 16D, sheet 31/73. Flowchart 1600D:
PROCESSOR OPERATES OUTSIDE OF SMM 1604
CODE EXECUTING ON THE PROCESSOR ATTEMPTS TO ACCESS THE SECURITY HARDWARE 1606
[decision block, text missing] YES
ACCESS THE SECURITY HARDWARE 1630
IF NECESSARY, CLOSE THE ACCESS LOCKS TO THE SECURITY HARDWARE 1650



Fig. 16E, sheet 32/73. Flowchart:
CHANGE LOCK TO ALLOW ACCESS TO THE REQUESTED SECURITY HARDWARE 1694



Fig. 16F, sheet 33/73. Flowchart 1600F:
THE PROCESSOR LOADS CODE INSTRUCTIONS INTO SMM SPACE IN THE RAM 1605
OPENING THE ACCESS LOCKS TO THE SECURITY HARDWARE 1615
THE PROCESSOR EXECUTES SMM CODE INSTRUCTIONS FROM SMM SPACE IN THE RAM 1620
ACCESSING THE SECURITY HARDWARE 1630
CLOSING THE ACCESS LOCKS TO THE SECURITY HARDWARE 1650
THE PROCESSOR RELOADS THE PREVIOUS STATE AND CONTINUES OPERATING 1665



Fig. 16G, sheet 34/73. Flowchart 1600G:
THE PROCESSOR LOADS CODE INSTRUCTIONS INTO SMM SPACE IN THE RAM 1605
[decision block, text missing] YES
THE PROCESSOR EXECUTES SMM CODE INSTRUCTIONS FROM SMM SPACE IN THE RAM 1620
ACCESSING THE SECURITY HARDWARE 1630
CLOSING THE ACCESS LOCKS TO THE SECURITY HARDWARE 1650
THE PROCESSOR RELOADS THE PREVIOUS STATE AND CONTINUES OPERATING 1665



Figs. 17A to 17D, sheet 35/73. Block diagram labels:
Fig. 17A: 460A; SEQUESTER BIT REGISTER 1705.
Fig. 17B: 460B; SEQUESTER REGISTERS 1710.
Fig. 17C: ACCESS LOCKS 460C; ONE OR MORE SEQUESTER REGISTERS 1715A; ONE OR MORE SEQUESTER REGISTERS 1715B; ONE OR MORE SEQUESTER REGISTERS 1715N.
Fig. 17D: OAR OVERRIDE 445; OAR LOCK OVERRIDE BIT 1750; CHANGE OAR LOCK OVERRIDE BIT 1755.



Fig. 18A (Prior Art), sheet 36/73. Flowchart 1800A:
START 1805
ONE OR MORE INSTRUCTIONS FOR EXECUTION IN SMM 1835A
STOP 1895



Fig. 18B, sheet 36/73. Flowchart 1800B:
START 1805
ONE OR MORE INSTRUCTIONS FOR EXECUTION IN SMM 1835B
ENTRY/EXIT POINT
ONE OR MORE INSTRUCTIONS FOR EXECUTION IN SMM 1880
STOP 1895



Fig. 18C, sheet 37/73. Flowchart 1800C:
START 1805
RECEIVE A REQUEST TO ENTER SMM 1810
SAVE SYSTEM STATE 1815
LOAD REQUESTED DEFAULT SMM STATE 1825
LOAD SAVED SMM STATE 1830
EXECUTE LOADED SMM STATE 1835
SAVE CURRENT SMM STATE 1850
EXIT SMM 1855
RELOAD SAVED SYSTEM STATE 1860
STOP 1895



Fig. 19A, sheet 38/73. Block diagram labels: CONTROL LOGIC 3010; PROCESSOR 805; BOOT SWITCH 3005; 3000A; SOUTH BRIDGE 330; CRYPTO PROCESSOR 305; BIOS 355; B; OTHER HARDWARE 3015A; OTHER HARDWARE 3015B.



Fig. 19B, sheet 39/73. Block diagram labels: 3000B; PROCESSOR 805; LPC BIL 134D; LOCAL BUS 808; NORTH BRIDGE 810; CONTROL LOGIC 3010; PCI; SOUTH BRIDGE 330; LPC BIL 134D; BOOT SWITCH 3005; A; LPC BUS SEGMENT 3018; LPC BUS 118; B; CRYPTO PROCESSOR 305; BIOS 355.



Fig. 19C, sheet 40/73. Block diagram labels: PROCESSOR 805; CONTROL LOGIC 3010; LOCAL BUS 808; NORTH BRIDGE 810; PCI 110; LPC BIL 134D; SOUTH BRIDGE 330; 3000C; BOOT SWITCH 3005; CRYPTO PROCESSOR 305; BIOS 355; LPC BUS 118; B.



Fig. 20A, sheet 41/73. Block diagram labels: HDTEN 3115; PROCESSOR 805A; RESET 3125; HDT RESET LOGIC 3120A; NVRAM 3130; HDT CONTROL LOGIC 3110A; HDT INPUTS 3105.



Fig. 20B, sheet 41/73. Block diagram labels: HDTENLK 3135; HDTEN 3115; RESET 3125; HDT RESET LOGIC 3120B; PROCESSOR 805B; HDT CONTROL LOGIC 3110B; HDT INPUTS 3105; 3140; 3145.



Fig. 20C, sheet 42/73. Block diagram labels: PROCESSOR 805C; RESET 3125; MLE RESET LOGIC 3165; MICROCODE CONTROL LOGIC 3155; MC INPUTS 3150.



Fig. 20D, sheet 42/73. Block diagram labels (partly illegible): PROCESSOR 805D; INPUTS; LOCK; CONTROL; REGISTER; SET LOGIC; reference numerals 3170, 3175, 3180.



Fig. 21, sheet 43/73. Flowchart:
RECEIVE REQUEST TO INITIATE HDT MODE 3205
DETERMINE HDT MODE ENABLE STATUS 3210
[decision block, text missing] YES
INITIATE HDT MODE 3220



Fig. 22, sheet 44/73. Flowchart 3300:
DETERMINE HDT MODE LOCK STATUS 3310
[decision block, text missing] YES
REQUEST AUTHORIZATION TO CHANGE HDT MODE LOCK STATUS 3320
[decision block, text missing] YES
CHANGE HDT MODE LOCK STATUS 3330
CHANGE HDT MODE ENABLE STATUS 3335



Fig. 23, sheet 45/73. Flowchart 3400:
RECEIVE REQUEST TO INITIATE MICROCODE UPDATE MODE 3405
DETERMINE MICROCODE UPDATE MODE STATUS 3410



Fig. 24, sheet 46/73. Flowchart:
RECEIVE REQUEST TO CHANGE MICROCODE UPDATE MODE STATUS 3505
DETERMINE MICROCODE UPDATE LOCK STATUS 3510
[decision block, text missing] YES
REQUEST AUTHORIZATION TO CHANGE MICROCODE UPDATE LOCK STATUS 3520
[decision block, text missing] YES
CHANGE MICROCODE UPDATE LOCK STATUS 3530
CHANGE MICROCODE UPDATE MODE STATUS 3535



Fig. 25A, sheet 47/73. Flowchart 3600A:
A SECURITY DEVICE RECEIVES A TRANSACTION REQUEST FOR A STORAGE LOCATION ASSOCIATED WITH A STORAGE DEVICE CONNECTED TO THE SECURITY DEVICE 3605A
THE SECURITY DEVICE PROVIDES ACCESS CONTROL FOR THE STORAGE DEVICE 3610A
THE SECURITY DEVICE MAPS THE STORAGE LOCATION IN THE TRANSACTION REQUEST ACCORDING TO THE ADDRESS MAPPING OF THE STORAGE DEVICE 3615A
THE SECURITY DEVICE PROVIDES THE TRANSACTION REQUEST TO THE STORAGE DEVICE 3620A
THE STORAGE DEVICE PERFORMS THE REQUESTED TRANSACTION 3625A



Fig. 25B, sheet 48/73. Flowchart 3600B:
A CRYPTO-PROCESSOR RECEIVES A TRANSACTION REQUEST FOR A MEMORY LOCATION ASSOCIATED WITH A MEMORY CONNECTED TO THE CRYPTO-PROCESSOR 3605B
THE CRYPTO-PROCESSOR PROVIDES ACCESS CONTROL FOR THE MEMORY 3610B
THE CRYPTO-PROCESSOR MAPS THE MEMORY LOCATION IN THE TRANSACTION REQUEST ACCORDING TO THE ADDRESS MAPPING OF THE MEMORY 3615B
THE CRYPTO-PROCESSOR PROVIDES THE TRANSACTION REQUEST TO THE MEMORY 3620B
THE MEMORY PERFORMS THE REQUESTED TRANSACTION 3625B

Fig. 26. Flowchart 3610A:
THE SECURITY DEVICE DETERMINES IF A LOCK IS IN PLACE FOR THE STORAGE LOCATION 3705
THE SECURITY DEVICE PROVIDES A CHALLENGE IN RESPONSE TO THE TRANSACTION REQUEST FOR THE STORAGE LOCATION ASSOCIATED WITH A STORAGE DEVICE CONNECTED TO THE SECURITY DEVICE 3715
THE SECURITY DEVICE RECEIVES A RESPONSE TO THE CHALLENGE 3720
THE SECURITY DEVICE EVALUATES THE RESPONSE BY COMPARING THE RESPONSE TO AN EXPECTED RESPONSE 3725
THE SECURITY DEVICE PROVIDES THE TRANSACTION REQUEST TO THE STORAGE DEVICE 3735

Fig. 27. Flowchart:
STORE A SECRET IN A STORAGE DEVICE (e.g. A MEMORY) 3805
STORE DATA IN THE STORAGE DEVICE 3810
STORE CODE IN THE STORAGE DEVICE 3815
READ THE SECRET FROM THE STORAGE DEVICE (e.g. AT BOOT TIME) 3820
STORE THE SECRET IN A SECURE LOCATION (e.g. IN SMM SPACE) 3825
READ THE CODE FROM THE STORAGE DEVICE 3830
STORE THE CODE IN THE SECURE LOCATION 3835
LOCK A LOCK TO SECURE THE STORAGE DEVICE 3840
READ DATA FROM THE STORAGE DEVICE 3845
SUBMIT THE SECRET OR AN INDICATION THEREOF TO THE STORAGE DEVICE 3850
USE THE CODE TO SUBMIT THE SECRET (OR THE INDICATION) TO THE STORAGE DEVICE 3855
UNLOCK THE LOCK SECURING THE STORAGE DEVICE 3860

Fig. 28. Flowchart 3900:
A REQUESTOR MAKES AN ACCESS REQUEST 3905
A GATEKEEPER RECEIVES THE ACCESS REQUEST AND PROVIDES A CHALLENGE TO THE REQUESTOR TO AUTHENTICATE THE REQUESTOR'S AUTHORITY TO MAKE THE ACCESS REQUEST 3910
THE REQUESTOR RECEIVES THE CHALLENGE AND PROVIDES A RESPONSE TO THE CHALLENGE TO AUTHENTICATE THE REQUESTOR'S AUTHORITY TO MAKE THE ACCESS REQUEST 3915
THE GATEKEEPER RECEIVES THE RESPONSE TO THE CHALLENGE AND COMPARES THE RESPONSE TO AN EXPECTED RESPONSE 3920
THE GATEKEEPER APPROVES THE ACCESS REQUEST 3930

Fig. 30A. Flowchart 4100A:
A BIOMETRIC DATA TRANSACTION IS REQUESTED INVOLVING A BIOMETRIC DEVICE 4110
A NONCE OR RANDOM NUMBER IS PROVIDED TO THE BIOMETRIC DEVICE 4115
THE BIOMETRIC DEVICE RESPONDS TO THE DATA TRANSACTION REQUEST WITH THE REQUESTED BIOMETRIC DATA AND THE RESULT OF A HASH USING A SECRET AND THE NONCE OR RANDOM NUMBER 4120A
THE RESULT OF THE HASH USING THE SECRET AND THE NONCE OR RANDOM NUMBER IS COMPARED TO AN EXPECTED VALUE FOR THE RESULT OF THE HASH 4125A
REJECT THE TRANSMITTED BIOMETRIC DATA 4135
ACCEPT THE TRANSMITTED BIOMETRIC DATA AS THE REQUESTED BIOMETRIC DATA 4140

Fig. 30B. Flowchart 4100B:
A BIOMETRIC DATA TRANSACTION IS REQUESTED INVOLVING A BIOMETRIC DEVICE 4110
A NONCE OR RANDOM NUMBER IS PROVIDED TO THE BIOMETRIC DEVICE 4115
THE BIOMETRIC DEVICE RESPONDS TO THE DATA TRANSACTION REQUEST WITH THE REQUESTED BIOMETRIC DATA IN ENCRYPTED FORM AND THE RESULT OF A HASH USING A SECRET AND THE NONCE OR RANDOM NUMBER 4120B
THE RESULT OF THE HASH USING THE SECRET AND THE NONCE OR RANDOM NUMBER IS COMPARED TO AN EXPECTED VALUE FOR THE RESULT OF THE HASH 4125B
REJECT THE TRANSMITTED BIOMETRIC DATA 4135
ACCEPT THE TRANSMITTED BIOMETRIC DATA AS THE REQUESTED BIOMETRIC DATA 4140

[Figure caption missing.] Flowchart 4200A:
A MASTER DEVICE IN THE COMPUTER SYSTEM ESTABLISHES A SECRET WITH A DEVICE IN THE COMPUTER SYSTEM DURING A TRUSTED SET-UP 4205
A DATA TRANSACTION IS REQUESTED INVOLVING THE DEVICE IN THE COMPUTER SYSTEM THAT KNOWS THE SECRET 4210
A NONCE OR RANDOM NUMBER IS PROVIDED TO THE DEVICE IN THE COMPUTER SYSTEM THAT KNOWS THE SECRET 4215
THE DEVICE RESPONDS TO THE DATA TRANSACTION REQUEST WITH EITHER THE REQUESTED DATA AND A RESULT OF A HASH USING THE SECRET AND THE NONCE OR RANDOM NUMBER OR THE RESULT OF THE HASH 4220A
THE RESULT OF THE HASH USING THE SECRET AND THE NONCE OR RANDOM NUMBER IS COMPARED TO AN EXPECTED VALUE FOR THE RESULT OF THE HASH 4225
REJECT THE TRANSMITTED DATA OR DO NOT SEND THE DATA 4235
[step text missing] 4240A

Fig. 31B. Flowchart:
A MASTER DEVICE IN THE COMPUTER SYSTEM ESTABLISHES A SECRET WITH A DEVICE IN THE COMPUTER SYSTEM DURING A TRUSTED SET-UP 4205
A DATA TRANSACTION IS REQUESTED INVOLVING THE DEVICE IN THE COMPUTER SYSTEM THAT KNOWS THE SECRET 4210
A NONCE OR RANDOM NUMBER IS PROVIDED TO THE DEVICE IN THE COMPUTER SYSTEM THAT KNOWS THE SECRET 4215
THE DEVICE RESPONDS TO THE DATA TRANSACTION REQUEST BY EITHER ENCRYPTING THE REQUESTED DATA USING THE SECRET AND THE NONCE OR RANDOM NUMBER AND TRANSMITTING THE ENCRYPTED DATA AND A RESULT OF A HASH USING THE SECRET AND THE NONCE OR RANDOM NUMBER OR TRANSMITTING THE RESULT OF THE HASH 4220B
THE RESULT OF THE HASH USING THE SECRET AND THE NONCE OR RANDOM NUMBER IS COMPARED TO AN EXPECTED VALUE FOR THE RESULT OF THE HASH 4225
REJECT THE TRANSMITTED DATA OR DO NOT SEND THE DATA 4235
ACCEPT THE TRANSMITTED DATA AS THE REQUESTED DATA OR ENCRYPT USING THE SECRET AND THE NONCE OR RANDOM NUMBER AND SEND THE ENCRYPTED DATA 4240B

Fig. 32A. Flowchart:
A MASTER DEVICE IN THE COMPUTER SYSTEM READS THE GUID FOR A DEVICE IN THE COMPUTER SYSTEM AND RECORDS THE GUID IN A GUID TABLE DURING A TRUSTED SET-UP 4305
A DATA TRANSACTION IS REQUESTED INVOLVING THE DEVICE IN THE COMPUTER SYSTEM WITH THE KNOWN GUID 4310
A NONCE OR RANDOM NUMBER IS PROVIDED TO THE DEVICE IN THE COMPUTER SYSTEM WITH THE KNOWN GUID 4315
THE DEVICE RESPONDS TO THE DATA TRANSACTION REQUEST WITH THE REQUESTED DATA AND A RESULT OF A HASH USING THE GUID AND THE NONCE OR RANDOM NUMBER OR THE RESULT OF THE HASH 4320A
THE RESULT OF THE HASH USING THE GUID AND THE NONCE OR RANDOM NUMBER IS COMPARED TO AN EXPECTED VALUE FOR THE RESULT OF THE HASH 4325
REJECT THE TRANSMITTED DATA OR DO NOT SEND THE DATA 4335
ACCEPT THE TRANSMITTED DATA AS THE REQUESTED DATA OR SEND THE DATA 4340A

[Figure caption missing.] Flowchart:
A MASTER DEVICE IN THE COMPUTER SYSTEM READS THE GUID FOR A DEVICE IN THE COMPUTER SYSTEM AND RECORDS THE GUID IN A GUID TABLE DURING A TRUSTED SET-UP 4305
A DATA TRANSACTION IS REQUESTED INVOLVING THE DEVICE IN THE COMPUTER SYSTEM WITH THE KNOWN GUID 4310
A NONCE OR RANDOM NUMBER IS PROVIDED TO THE DEVICE IN THE COMPUTER SYSTEM WITH THE KNOWN GUID 4315
THE DEVICE RESPONDS TO THE DATA TRANSACTION REQUEST BY ENCRYPTING THE REQUESTED DATA USING THE GUID AND THE NONCE OR RANDOM NUMBER AND TRANSMITTING THE ENCRYPTED DATA AND A RESULT OF A HASH USING THE GUID AND THE NONCE OR RANDOM NUMBER OR TRANSMITTING THE RESULT OF THE HASH 4320B
THE RESULT OF THE HASH USING THE GUID AND THE NONCE OR RANDOM NUMBER IS COMPARED TO AN EXPECTED VALUE FOR THE RESULT OF THE HASH 4325
REJECT THE TRANSMITTED DATA OR DO NOT SEND THE DATA 4335
ACCEPT THE TRANSMITTED DATA AS THE REQUESTED DATA OR ENCRYPT USING GUID AND THE NONCE AND SEND THE ENCRYPTED DATA 4340B

Fig. 32C. Flowchart:
A MASTER DEVICE IN THE COMPUTER SYSTEM READS THE GUID FOR A DEVICE IN THE COMPUTER SYSTEM, RECORDS THE GUID IN A GUID TABLE, AND TRANSMITS A SECRET TO THE DEVICE DURING A TRUSTED SET-UP 4306
A DATA TRANSACTION IS REQUESTED INVOLVING THE DEVICE IN THE COMPUTER SYSTEM WITH THE KNOWN GUID THAT KNOWS THE SECRET 4311
A NONCE OR RANDOM NUMBER IS PROVIDED TO THE DEVICE IN THE COMPUTER SYSTEM WITH THE KNOWN GUID THAT KNOWS THE SECRET 4316
THE DEVICE RESPONDS TO THE DATA TRANSACTION REQUEST BY ENCRYPTING THE REQUESTED DATA USING THE SECRET, THE GUID, AND THE NONCE OR RANDOM NUMBER AND TRANSMITTING THE ENCRYPTED DATA AND A RESULT OF A HASH USING THE SECRET, THE GUID, AND THE NONCE OR RANDOM NUMBER OR TRANSMITTING THE RESULT OF THE HASH 4320C
THE RESULT OF THE HASH USING THE SECRET, THE GUID, AND THE NONCE OR RANDOM NUMBER IS COMPARED TO AN EXPECTED VALUE FOR THE RESULT OF THE HASH 4326
REJECT THE TRANSMITTED DATA OR DO NOT SEND THE DATA 4335
ACCEPT THE TRANSMITTED DATA AS THE REQUESTED DATA OR ENCRYPT USING THE SECRET, THE GUID, AND THE NONCE AND SEND THE ENCRYPTED DATA 4340C

[Figure caption missing.] Flowchart 4400:
A MASTER DEVICE IN THE COMPUTER SYSTEM READS THE GUID FOR A DEVICE IN THE COMPUTER SYSTEM AND RECORDS THE GUID IN A GUID TABLE DURING A TRUSTED SET-UP 4405
THE DEVICE MAY RECEIVE A SYSTEM GUID FROM THE MASTER DEVICE AND STORE THE SYSTEM GUID 4410
THE DEVICE SETS AN INTRODUCED BIT IN RESPONSE TO JOINING THE COMPUTER SYSTEM 4415
THE DEVICE RECEIVES A TRANSACTION REQUEST FROM THE COMPUTER SYSTEM AND THE DEVICE CHECKS IF ITS INTRODUCED BIT IS SET 4420
THE DEVICE DOES NOT FULFILL THE TRANSACTION REQUEST OR DOES NOT RESPOND TO THE TRANSACTION REQUEST 4430
THE DEVICE MAY REQUEST AUTHENTICATION FROM THE COMPUTER SYSTEM USING A SECRET (e.g. THE GUID AND/OR THE SYSTEM GUID) BEFORE RESPONDING TO THE TRANSACTION REQUEST 4435
NO
THE DEVICE FULFILLS THE TRANSACTION REQUEST 4445

Fig. 34. Flowchart:
THE DEVICE OR THE MASTER DEVICE INITIATES A REQUEST FOR THE DEVICE TO LEAVE THE COMPUTER SYSTEM 4505
THE DEVICE AND THE MASTER DEVICE AUTHENTICATE EACH OTHER USING THE GUID AND/OR THE SYSTEM GUID IN RESPONSE TO THE REQUEST FOR THE DEVICE TO LEAVE THE COMPUTER SYSTEM 4510
THE DEVICE RESETS THE INTRODUCED BIT IN RESPONSE TO THE DEVICE AND THE MASTER DEVICE SUCCESSFULLY AUTHENTICATING EACH OTHER 4515

Fig. 35. Flowchart:
THE DEVICE RECEIVING A COMMAND FOR THE DEVICE TO LEAVE THE COMPUTER SYSTEM 4605
THE DEVICE RECEIVING A MAINTENANCE KEY THAT SUCCESSFULLY AUTHENTICATES 4610
THE DEVICE RESETS THE INTRODUCED BIT IN RESPONSE TO THE DEVICE RECEIVING THE MAINTENANCE KEY THAT SUCCESSFULLY AUTHENTICATES 4615

Fig. 37. Flowchart 4800:
TRANSMIT A MASTER MODE SIGNAL TO BUS INTERFACE LOGIC CONNECTED BETWEEN MASTER MODE LOGIC AND A DATA INPUT DEVICE, WHERE THE BUS INTERFACE LOGIC INCLUDES A MASTER MODE REGISTER 4805
SET A MASTER MODE BIT IN THE MASTER MODE REGISTER(S) TO ESTABLISH SECURE TRANSMISSION CHANNEL BETWEEN THE MASTER MODE LOGIC AND THE DATA INPUT DEVICE OUTSIDE THE OPERATING SYSTEM OF THE COMPUTER SYSTEM 4810
THE MASTER MODE LOGIC AND THE DATA INPUT DEVICE EXCHANGE DATA OUTSIDE THE OPERATING SYSTEM OF THE COMPUTER SYSTEM THROUGH THE BUS INTERFACE LOGIC(S) THAT INCLUDE THE MASTER MODE REGISTER 4815
THE MASTER MODE LOGIC FLUSHES THE BUFFERS OF THE BUS INTERFACE LOGIC(S) THAT INCLUDE THE MASTER MODE REGISTER AFTER CONCLUDING THE DATA TRANSMISSIONS 4820
THE MASTER MODE LOGIC SIGNALS THE BUS INTERFACE LOGIC(S) TO UNSET THE MASTER MODE BITS AFTER FLUSHING THE BUFFERS OF THE BUS INTERFACE LOGIC(S) THAT INCLUDE THE MASTER MODE REGISTER 4825

Fig. 38A. Flowchart:
THE PROCESSOR EXECUTES BIOS CODE INSTRUCTIONS FROM SMM SPACE 4920
ACCESSING THE SECURITY HARDWARE 4930
REQUEST AUTHENTICATION FROM THE CRYPTO-PROCESSOR USING MASTER MODE 4935A
PLACE BUS INTERFACE LOGICS IN MASTER MODE 4938
RECEIVE AUTHENTICATION DATA WHILE IN MASTER MODE 4940
EXIT MASTER MODE AND FLUSH BUFFERS 4942
VERIFY AUTHENTICATION DATA 4944
CONTINUE BOOT PROCESS 4990

[Figure caption missing.] Flowchart:
[step text missing] 4920
OPTIONALLY ENTER BIOS MANAGEMENT MODE 4932
REQUEST AUTHENTICATION FROM THE SECURITY HARDWARE USING MASTER MODE 4935B
PLACE BUS INTERFACE LOGICS IN MASTER MODE 4938
RECEIVE AUTHENTICATION DATA WHILE IN MASTER MODE 4940

[Figure caption missing.] Flowchart:
AUTHENTICATE A DEVICE, A COMPUTER SUBSYSTEM, OR A COMPUTER SYSTEM TO A COMPUTER SUBSYSTEM, A COMPUTER SYSTEM, OR A NETWORK SECURITY SYSTEM 5105
SET A STARTING VALUE ON A TIMER IN RESPONSE TO SUCCESSFULLY AUTHENTICATING 5110
UPDATE THE TIMER IN A PERIODIC FASHION 5115

Fig. 40B. Flowchart:
ESTABLISH NETWORK CONNECTION TO A NETWORK SECURITY SYSTEM 5104
AUTHENTICATE A PORTABLE COMPUTER TO THE NETWORK SECURITY SYSTEM, SUCH AS DURING A BOOT PROCESS 5106
SET A STARTING VALUE ON A TIMER IN RESPONSE TO SUCCESSFULLY AUTHENTICATING 5110
UPDATE THE TIMER IN A PERIODIC FASHION 5115
[step text missing] 5131
BOOT PROCESS 5141